Dragos an ICS/OT security firm has revealed about a failed breach attempt of a ransomware group in into its systems.
Threat actors compromised the personal email ID of an employee prior to his/her start date and used the obtained personal information to impersonate the Dragos employee and accomplish the initial steps in the employee onboarding process.
The intruders had access to resources that are usually available to new employees in the sales department. The attackers were able to access SharePoint and the Dragos contract management system.
The attackers were able to access a report with IP addresses associated with a customer, however, Dragos immediately informed the customer.
As per the statement – We investigated alerts in our corporate SIEM and blocked the compromised account. We promptly activated our incident response retainer with a leading service provider and engaged our third-party Monitoring, Detection & Response provider to manage incident response efforts.
The company states that the security controls in place have prevented threat actors from performing malicious activities once gained a foothold in its network.
Below is the timeline of the attack shared by the industrial cybersecurity firm.
The threat actor failed to deploy ransomware, then pivoted to attempting to extort the company to avoid public disclosure. They sent various messages and an extortion email to Dragos executives, but the company avoided getting in touch with the criminals.
Shortly after reading the extortion message, the security team disabled the compromised account and locked out the attackers. The security firm confirmed that an investigation is still ongoing.